January 30, 2024 at 09:42AM
Juniper Networks has released patches for multiple vulnerabilities in the J-Web component of Junos OS. The most severe issue is a cross-site scripting flaw (CVE-2024-21620), with a CVSS score of 8.8. Another defect (CVE-2024-21619) could allow an unauthenticated attacker to access sensitive information. Two missing authentication bugs were also resolved. CISA advises organizations to review Juniper’s advisory and apply the patches to avoid potential exploitation.
From the meeting notes, I have summarized the key takeaways as follows:
– Juniper Networks has released patches for multiple vulnerabilities in the J-Web component of Junos OS on SRX series firewalls and EX series switches, including a high-severity bug.
– The most severe vulnerability is a cross-site scripting flaw (CVE-2024-21620) with a CVSS score of 8.8, which could lead to the execution of arbitrary commands by an attacker.
– Another security defect (CVE-2024-21619) could allow an unauthenticated attacker to access sensitive information over the network.
– The company also resolved two missing authentication bugs that could impact file system integrity.
– Juniper recommends disabling J-Web or limiting access to trusted hosts as a workaround for all four vulnerabilities.
– The US cybersecurity agency CISA advises organizations to apply the available patches as soon as possible to avoid potential exploitation by attackers.
– Juniper makes no mention of these flaws being exploited in attacks.
Let me know if you need additional details.